nuclei-templates/http/cves/2020/CVE-2020-2551.yaml

54 lines
1.9 KiB
YAML

id: CVE-2020-2551
info:
name: Oracle WebLogic Server - Remote Code Execution
author: dwisiswant0
severity: critical
description: |
Oracle WebLogic Server (Oracle Fusion Middleware (component: WLS Core Components) is susceptible to a remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 2.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability could allow unauthenticated attackers with network access via IIOP to compromise Oracle WebLogic Server.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
remediation: |
Apply the latest security patches provided by Oracle to mitigate this vulnerability.
reference:
- https://github.com/hktalent/CVE-2020-2551
- https://nvd.nist.gov/vuln/detail/CVE-2020-2551
- https://www.oracle.com/security-alerts/cpujan2020.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-2551
epss-score: 0.97503
epss-percentile: 0.99977
cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: oracle
product: weblogic_server
tags: cve,cve2020,oracle,weblogic,rce,unauth,kev
http:
- method: GET
path:
- "{{BaseURL}}/console/login/LoginForm.jsp"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "10.3.6.0"
- "12.1.3.0"
- "12.2.1.3"
- "12.2.1.4"
condition: or
- type: word
part: body
words:
- "WebLogic"
- type: status
status:
- 200
# digest: 4a0a0047304502202d8a69746c639934d4dbdcfe15d354f7fbfc8e95ba4c43548f41776b7f24151e0221008e9e7ee4f80b974769671ee85ef1f3f6756c978245d398d6cfb5a752ec1b8c03:922c64590222798bb761d5b6d8e72950